For some known reasons, Fetchmail does not pull an optional central authority's issuer's SSL certificates, requiring manually downloading the issuer's certficates.

The following will aide further configuring Fetchamil for communiating via POP3 SSL.  For Fetchmail to currently work with POP3 Windstream.net SSL Email, Fetchamil requires two Sertigo certificates, "SectigoRSAOrganizationValidationSecureServerCA.crt" and "Sectigo SHA-2 Root  USERTrust RSA Certification Authority.crt", downloaded and rehashed.

DOMAIN: POP.WINDSTREAM.NET
PROTOCOL: POP3
PORT: 995

$ mkdir $HOME/.fetchmail/ssl
$ cd $HOME/.fetchmail/ssl

Manually download two certificates from sectigo.com
"SectigoRSAOrganizationValidationSecureServerCA.crt"
"Sectigo SHA-2 Root  USERTrust RSA Certification Authority.crt"

NOTE: If the certificate issuing authority changes, see below TIPS section for finding the new or changed issuing certificate authority including URLs for downloading.

SSL requires a hashed file name instead of given file name, create symlinks to given file names.
$ openssl rehash .

file: $HOME/.fetchmailrc
poll pop.windstream.net
    proto pop3
    service 995
    user some_user_name
    password some_user_password
    options ssl
    options sslcertpath

If the above $HOME/.fetchmailrc file fails, can fallback to the following settings:

file: $HOME/.fetchmailrc
poll pop.windstream.net
    proto pop3
    service 995
    user some_user_name
    password some_user_password
    options ssl sslcertck
    options sslfingerprint "your_servers_fingerprint"

Obtain a sslfingerprint via instructions elsewhere.

TIPS
Windstream.net only prints/pushes the issuer certificate every so many minutes.  So the following will only print Windstream.net's certificate, printing Sertigo's certificate every so many minutes. (ie. Will usually only see one certificate being windstream.net's, while the second, being sertigo.com, every so many minutes.)
$ echo | openssl s_client -CApath $HOME/.fetchmail/ssl -showcerts -servername windstream.net -connect pop.windstream.net:995

Download Sertigo RSA certifcate from windstream.net
This will download windstream.net's certificate, see tip above, and print the URI/URL of the second certificate download URL.
$ echo | openssl s_client -connect pop.windstream.net:995 -showcerts 2>/dev/null | sed -ne '/BEGIN CERT/,/END CERT/p' > /tmp/windstream.cert
$ openssl x509 -text -noout -in /tmp/windstream.cert |grep URI
$ wget (Copy or paste "URI" or "CA Issuers - URI:" contents)